this post was submitted on 15 Nov 2023
68 points (84.0% liked)

Technology

34877 readers
45 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 13 points 1 year ago (3 children)

In the article it mentions that the service is run by sunbird. Just by reading their FAQ it doesn’t actually sound like they are MITM’ing messages via some mac server somewhere. It actually sounds more plausible to me that they are doing all the magic “on device”. They specifically mention that this won’t work on multiple phones at the same time, that’s what’s tipping me off.

What I suspect is happening is that the phone itself is spoofing an actual iPhone, and connecting to Apple servers as if it is one. Normally you wouldn’t be able to do this, Apple sells the phones, so they know all the serial numbers that should be able to access iMessage, and would be able to block anything that doesn’t report to be a real iPhone. What I think may be happening is that sunbird could be buying up pallets of dead, old, or otherwise unusable iPhones for pennies on the dollar, and using those serial numbers to pretend they were an iPhone from another device (like the nothing phone) directly.

This would make sense with their business model, according to their FAQ they have “no reason to charge money” for their product yet. Buying access to iMessage for a few bucks upfront with no ongoing cost would match up with what they are claiming, and it would be extremely hard for Apple to detect on their end, as they would appear to be all sorts of models, bought at different times, in different places, and signed in by real people.

I want to reiterate that this is pure speculation on my part, it's just a theory. Which this would mean that (in theory) chats could (and would) be E2E encrypted from sender to receiver, ultimately it’s still Nothing/Sunbird’s app, so they could be doing anything with it on device.

[–] [email protected] 20 points 1 year ago (2 children)

According to JerryRigEverything, they actually run you through a mac mini on their server farm. He said he has info about that confirmed by the devs. Not sure what’s true, but i usually trust him, seems like a good guy.

[–] [email protected] 14 points 1 year ago

MKBHD said the same, apparently confirmed by their CEO

[–] [email protected] 5 points 1 year ago

It also says that in the linked article itself lmao

[–] [email protected] 15 points 1 year ago (1 children)

You wrote a whole essay speculating when it literally says in the article:

Nothing Chats then leverages Sunbird’s undisclosed number of Mac mini computers across Europe and North America as a waypoint for sending and receiving iMessage-compatible texts and media.

[–] [email protected] 1 points 1 year ago

They claim it in the article, and in a few other publications, but I haven’t seen anything that explicitly confirms, from sunbird, that this is the case, including on their website. They also make claims on their website that conflict with that architecture, as I don’t believe it would be possible to E2E encrypt messages like they claim they do. I kinda wonder if the Mac Mini claim is an assumption that everyone just ran with, without confirming that it’s true. I could be wrong though, I’ll gladly eat my words if anyone has a primary source to cite, but that architecture and business model just doesn’t appear to be compatible with their claims.

[–] [email protected] 2 points 1 year ago

Incredibly elaborate and provocative reply, fellow underscorer